Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.0 #1775

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.0 #1775

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 4, 2020

Snyk has created this PR to upgrade marked from 0.3.5 to 0.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2019-12-12.

The recommended version fixes:

Severity Issue Exploit Maturity
GPL-2.0 license
snyk:lic:npm:goof:GPL-2.0		 No Data
Regular Expression Denial of Service (ReDoS)
npm:marked:20180225		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
npm:marked:20170907		 No Known Exploit
Cross-site Scripting (XSS)
npm:marked:20170815		 No Known Exploit
Cross-site Scripting (XSS)
npm:marked:20170112		 No Known Exploit
Cross-site Scripting (XSS)
npm:marked:20150520		 No Known Exploit
MPL-2.0 license
snyk:lic:npm:symbol:MPL-2.0		 No Data
Cross-site Scripting (XSS)
npm:marked:20170815-1		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116		 No Known Exploit
Release notes
Package name: marked
  • 0.8.0 - 2019-12-12

    Breaking changes

    Fixes

    • Fix relative urls in baseUrl option #1526
    • Loose task list #1535
    • Fix image parentheses #1557
    • remove module field & update devDependencies #1581

    Docs

    • Update examples with es6+ #1521
    • Fix link to USING_PRO.md page #1552
    • Fix typo in USING_ADVANCED.md #1558
    • Node worker threads are stable #1555

    Dev Dependencies

    • Update deps #1516
    • Update eslint #1542
    • Update htmldiffer async matcher #1543
  • 0.7.0 - 2019-07-06

    Security

    • Sanitize paragraph and text tokens #1504
    • Fix ReDOS for links with backticks (issue #1493) #1515

    Breaking Changes

    • Deprecate sanitize and sanitizer options #1504
    • Move fences to CommonMark #1511
    • Move tables to GFM #1511
    • Remove tables option #1511
    • Single backtick in link text needs to be escaped #1515

    Fixes

    Tests

    • Run tests with correct options #1511
  • 0.6.3 - 2019-06-30

    Fixes

    Docs

    • add docs for workers #1432
    • Add security policy #1492
    • Update supported spec versions #1491
    • Update test folder descriptions #1506

    DevOps

    • Use latest commit for demo master #1457
    • Update tests to commonmark 0.29 #1465
    • Update tests to GFM 0.29 #1470
    • Fix commonmark spec 57 and 40 (headings) #1475
  • 0.6.2 - 2019-04-05

    Security

    Fixes

    • Links parens #1435
    • New line after table with escaped pipe #1439
    • List item tables #1446

    Enhancements

    • Pass token boolean to the listitem function #1440
    • Allow html without \n after #1438

    CLI

    • Update man page to include --test and fix argv parameters #1442
    • Add a --version flag to print marked version #1448

    Testing

    • Normalize marked tests #1444
    • Update tests to node 4 syntax #1449
  • 0.6.1 - 2019-02-19

    Fixes

    • Fix parenthesis url redos #1414

    Docs

    • Update demo site to use a worker #1418
    • Update devDependencies to last stable #1409
    • Update documentation about extending Renderer #1417
    • Remove --save option as it isn't required anymore #1422
    • Add snyk badge #1420
  • 0.6.0 - 2019-01-01

    Breaking Changes

    • Drop support for Node v0.10 and old browsers such as Internet Explorer
      • You should not have any problems if using Node 4+ or a modern browser
    • Add parameter slugger to Renderer.prototype.heading method #1401
      • You should not have any problems if you do not override this method

    New Features

    • Add new export marked.Slugger #1401

    Fixes

    • Fix emphasis followed by a punctuation #1383
    • Fix bold around autolink email address #1385
    • Make autolinks case insensitive #1384
    • Make code fences compliant with Commonmark spec #1387
    • Make blockquote paragraph continuation compliant with Commonmark spec #1394
    • Make ordered list marker length compliant with Commonmark spec #1391
    • Make empty list items compliant with Commonmark spec #1395
    • Make tag escaping compliant with Commonmark spec #1397
    • Make strong/bold compliant with Commonmark spec #1400
    • Fix handling of adjacent lists #684
    • Add better error handling when token type cannot be found #1005
    • Fix duplicate heading id and non-latin characters #1401

    CLI

    • Pretty print ENOENT errors on cli #1396
    • Update repo url in man #1403

    Docs

    Tests

    • Remove old test covered by gfm/cm #1389
  • 0.5.2 - 2018-11-20

    Bug Fixes

    • Fix emphasis closing by single _ (part of left-flanking run) #1351
    • Make URL handling consistent between links and images #1359

    Other

    • Add missing semicolons, add lint rule #1340
    • Make Steven (@styfle) a npm publisher #1346
    • Fix typo in docs: responsibility #1364
    • Add the ability to specify options on the demo page as JSON #1357
      • Show red border when JSON options are invalid #1360
    • Move license file back to root dir #1356
    • Fix builds: remove node v0.10 from travis matrix #1366
      • This does not a break compatibility in this release but it will a future release
    • Add files key to package.json to prevent publishing unused files #1367
  • 0.5.1 - 2018-09-26

    Security

    • Fix inline code regex and prevent REDOS #1337
    • Use @markedjs/html-differ to prevent REDOS #1331

    Bug Fixes

    • Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true #1335
    • Fix auto-linking email address #1338

    Other

    • Refactor the escape() function to improve performance 10-20% #975
    • Update copyright in source code #1326
    • Update benchmark tests #1019
    • Add dependency badges to readme #1333
  • 0.5.0 - 2018-08-16

    Security

    • Use rtrim, not unsafe /X+$/ #1260

    Breaking Changes

    • Fix GFM empty table cells #1262
    • Fix GFM extended auto-linking requiring multiple backpedals #1293
    • Fix GFM strikethrough compatibility #1258
    • Fix issues link references and prototypes #1299
    • Fix hard line break when backslash at EOL #1303
    • Fix hyperlinks with parenthesis #1305
    • Fix loose lists #1304
    • Fix strong and em #1315

    Docs

    • Fix typo in USING_ADVANCED.md #1276
    • Add pictures to AUTHORS.md #1272
    • Change badge to latest version of marked #1300
    • Change badges from shields.io to badgen.net #1317
    • Use iframe to sandbox generated html #1295
    • Add additional links into readme #1310
    • Add missing parameters for renderer methods #1311
    • Add undocumented option descriptions #1312
    • Add navigation sidebar to the docs #1316

    CI

    • Change travis clone depth to 3 #1270
  • 0.4.0 - 2018-05-21

    Security Fixes

    New Features

    Breaking Changes

    • Fix escaping pipes in tables (#1239)
    • Fix html output for tables to match GFM spec (#1245)
    • Fix many bugs to reach parity with CommonMark spec (#1135)
    • Fix new Renderer() so it uses default options (#1203)
    • Fix text and paragraph return types (#1248) (#1249)
    • Fix <em> less than 3 chars (#1181)
    • Fix <pre> code blocks so there is no more trailing \n (#1266)
    • Fix default langPrefix to follow CommonMark standard language- (#1265)

    CLI Changes

    • Add string argument to CLI (#1182)
    • Change CLI stdio to remove warning (#994)

    Other changes

  • 0.3.19 - 2018-03-26
  • 0.3.18 - 2018-03-22
  • 0.3.17 - 2018-02-27
  • 0.3.16 - 2018-02-20
  • 0.3.15 - 2018-02-19
  • 0.3.14 - 2018-02-16
  • 0.3.13 - 2018-02-16
  • 0.3.12 - 2018-01-09
  • 0.3.9 - 2017-12-23
  • 0.3.7 - 2017-12-01
  • 0.3.6 - 2016-07-30
  • 0.3.5 - 2015-07-31
from marked GitHub release notes
Commit messages
Package name: marked

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot